Skip to content
/ ctrwrap Public

Wraps as container a self-contained executable using some runc magic

1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

airadier/ctrwrap

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits

Makefile

Makefile

 
 

README.md

README.md

 
 

config.json

config.json

 
 

go.mod

go.mod

 
 

go.sum

go.sum

 
 

main.go

main.go

 
 

Repository files navigation

ctrwap

Experimental: wrap the Sysdig inline-scanner in a self-contained container using runc and embedding the rootfs

How to build

Put rootfs.tar.gz and config.json in current folder and:

make

Root filesytem can be created with:

docker export (docker create quay.io/sysdig/secure-inline-scan:2) -o rootfs.tar

and then compressed with gzip

To generate the config.json:

  • Create a container with ctr c create quay.io/sysdig/secure-inline-scan:2 foo
  • Get the spec with ctr c info foo --spec > config.json

Caveats:

  • Requires running as root (although rootless should be possible)
  • All files in the .tar.gz must have "w" permission for the user or extract fails. So (as in this case) you might need to extract the root filesystem, then chmod -R u+rw * and re-tar again.

About

Wraps as container a self-contained executable using some runc magic

Resources

Readme
Activity

Stars

1 star

Watchers

3 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages